diff options
| author | Ritvik Budhiraja <[email protected]> | 2023-11-21 19:13:47 +0530 |
|---|---|---|
| committer | Steve French <[email protected]> | 2023-11-23 11:42:55 -0600 |
| commit | a15ccef82d3de9a37dc25898c60a394209368dc8 (patch) | |
| tree | fd45edb7712b009190a4d2549183894893838e34 | |
| parent | 98b1cc82c4affc16f5598d4fa14b1858671b2263 (diff) | |
cifs: fix use after free for iface while disabling secondary channels
We were deferencing iface after it has been released. Fix is to
release after all dereference instances have been encountered.
Signed-off-by: Ritvik Budhiraja <[email protected]>
Reported-by: kernel test robot <[email protected]>
Reported-by: Dan Carpenter <[email protected]>
Closes: https://lore.kernel.org/r/[email protected]/
Signed-off-by: Steve French <[email protected]>
| -rw-r--r-- | fs/smb/client/sess.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/smb/client/sess.c b/fs/smb/client/sess.c index 8b2d7c1ca428..816e01c5589b 100644 --- a/fs/smb/client/sess.c +++ b/fs/smb/client/sess.c @@ -332,10 +332,10 @@ cifs_disable_secondary_channels(struct cifs_ses *ses) if (iface) { spin_lock(&ses->iface_lock); - kref_put(&iface->refcount, release_iface); iface->num_channels--; if (iface->weight_fulfilled) iface->weight_fulfilled--; + kref_put(&iface->refcount, release_iface); spin_unlock(&ses->iface_lock); } |